Extracts Teams artifacts and presents the results in a form that is easy to analyze. This Autopsy module also has a standalone version - GitHub.
- Extract messages the user could interact with
- Extract files the user could interact with
- Extract reactions from users that the subject could interact with
- Extract group calls the user could interact with
- Extract private calls the user could interact with
- Extract contacts the user could interact with
- Extract team formations the user could interact with
- Creation of blackboard entries to analyze artifacts
- Creation of a report containing the result files so they can be analyzed as a CSV file or an HTML file
- Autopsy (4.15)
- Download repository contents.
- Open Autopsy -> Tools -> Python Plugins
- Unzip the previously downloaded zip in the `python_modules` folder.
- Restart Autopsy, create a case and select the module.
- Select your module options in the Ingest Module window selector.
- Analyze your results on the blackboard.
- If you intend to analyze the results using HTML or CSV, click "Generate Report", select 'MSTeams Report Module' and your report will be generated.
- This Data Source Ingest Module can only be executed on three types of data source: disk image, local disk or local folders. Keep in mind that when using local folders it is recommended to use the Users folder so the module can work to its full potential. If that's not your intention, your limit must be `%APPDATA%`.
Developed as the final project for the Computer Engineering course at Escola Superior de Tecnologia e Gestão de Leiria.
- Windows
This project is licensed under the terms of the GNU GPL v3 License.
- golang/leveldb - BSD 3-Clause "New" or "Revised" License